<%

'Connection String
Dim objConn
'Query to be executed
Dim SQLQuery
'Recordset
Dim rs
'email of the user
Dim email
'password of User
Dim password




'Getting information from submitted form
email = request.form("email")
password = request.form("password")
	

'If  blank email password submitted
	if email="" or password = "" Then
		Response.Redirect "unauthorized.asp"
	end if


	'Creating connection Object
	Set objConn = Server.CreateObject("ADODB.Connection")

objConn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &Server.MapPath ("data/shop.mdb")



objConn.Open
	
	'Query to be executed
	SQLQuery = "select * from tblUsers where Email = '"&email&"' and Password = '"&password&"'"
	'Retrieving recordset by executing SQL
    set rs=objConn.execute(SQLQuery)
	'If no records retrieved
    if rs.BOF and rs.EOF then
		Response.Redirect "unauthorized.asp"
	else
		Response.Cookies("email")=email
		Response.Cookies("email").Expires = Now() + 5
		Session("email")= "Yes"
		Response.Redirect "index.html"
	end if
		
		objConn.Close
        rs.close
		
		 set rs = nothing
        set onjConn = nothing
    

%>
